public function isEqualTo(UserInterface $user)
{
if ($this->username == $user->getUsername()) {
return true;
}
return false;
}
private function logUser(UserInterface $user, $password)
{
$token = new UsernamePasswordToken($user, $password, 'secured_area', $user->getRoles());
$request = $this->getRequest();
$session = $request->getSession();
$session->set('_security_secured_area', serialize($token));
}
/**
* {@inheritdoc}
*/
protected function getSecret(UserInterface $user)
{
if ($user instanceof AdvancedApiUserInterface) {
return $user->getApiKeys();
}
return parent::getSecret($user);
}
/**
* Update the users last login.
*
* @param UserInterface $user
*/
protected function updateLastLogin($user)
{
if ($user instanceof BaseUser) {
$user->setLastLogin(new \DateTime());
$this->entityManager->flush();
}
}
private function authenticateUser(UserInterface $user)
{
$providerKey = 'secured_area';
// your firewall name
$token = new UsernamePasswordToken($user, null, $providerKey, $user->getRoles());
$this->getSecurityContext()->setToken($token);
}
public function isEqualTo(UserInterface $user)
{
if (!$user instanceof CorredorUser || $this->password !== $user->getPassword() || $this->salt !== $user->getSalt() || $this->username !== $user->getUsername()) {
return false;
}
return true;
}
/**
* {@inheritdoc}
*/
public function configureOptions(OptionsResolver $resolver)
{
$resolver->setDefaults(['data_class' => RequestRememberPasswordCommand::class, 'empty_data' => function (FormInterface $form) {
$email = null === $this->currentUser ? $form->get('email')->getData() : $this->currentUser->getUsername();
return new RequestRememberPasswordCommand($email);
}]);
}
/**
* {@inheritDoc}
*/
public function isEqualTo(UserInterface $user)
{
if ($user instanceof FacebookUser && $user->getId() === $this->getId()) {
return true;
}
return false;
}
/**
* {@InheritDoc}
*
* @throws NonceExpiredException
*/
public function validateDigest(WsseUserToken $wsseToken, UserInterface $user)
{
$created = $wsseToken->created;
$nonce = $wsseToken->nonce;
$digest = $wsseToken->digest;
$secret = $user->getPassword();
// Check created time is not too far in the future (leaves 5 minutes margin)
if (strtotime($created) > time() + 300) {
throw new WsseAuthenticationException(sprintf('Token created date cannot be in future (%d seconds in the future).', time() - strtotime($created)));
}
// Expire timestamp after 5 minutes
if (strtotime($created) < time() - 300) {
throw new WsseAuthenticationException(sprintf('Token created date has expired its 300 seconds of validity (%d seconds).', strtotime($created) - time()));
}
// Validate that the nonce is *not* used in the last 10 minutes
// if it has, this could be a replay attack
if (file_exists($this->cacheDir . '/' . $nonce) && file_get_contents($this->cacheDir . '/' . $nonce) + 600 > time()) {
throw new NonceExpiredException('Previously used nonce detected.');
}
// If cache directory does not exist we create it
if (!is_dir($this->cacheDir)) {
mkdir($this->cacheDir, 0777, true);
}
file_put_contents($this->cacheDir . '/' . $nonce, time());
// Validate Secret
$expected = base64_encode(sha1(base64_decode($nonce) . $created . $secret, true));
if (!StringUtils::equals($expected, $digest)) {
throw new WsseAuthenticationException('Token digest is not valid.');
}
return true;
}
/**
* {@inheritdoc}
*/
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
$currentUser = $token->getUser();
if ($currentUser instanceof UserInterface) {
if ($currentUser->getPassword() !== $user->getPassword()) {
throw new BadCredentialsException('The credentials were changed from another session.');
}
} else {
if (!($presentedPassword = $token->getCredentials())) {
throw new BadCredentialsException('The presented password cannot be empty.');
}
$client = $this->clientFactory->build('en');
$request = CustomerLoginRequest::ofEmailAndPassword($token->getUser(), $presentedPassword);
$response = $request->executeWithClient($client);
if ($response->isError()) {
throw new BadCredentialsException('The presented password is invalid.');
}
$result = $request->mapResponse($response);
$customer = $result->getCustomer();
if ($currentUser !== $customer->getEmail()) {
throw new BadCredentialsException('The presented password is invalid.');
}
$this->session->set('customer.id', $customer->getId());
}
}
public function refreshUser(UserInterface $user)
{
if (!$user instanceof User) {
throw new UnsupportedUserException("Instances of {get_class({$user})} are not supported");
}
return $this->loadUserByUsername($user->getUsername());
}
public function getAuthorEmail()
{
if (null === $this->author) {
return $this->author_email;
}
return $this->author->getEmail();
}
/**
* {@inheritDoc}
*/
public function refreshUser(UserInterface $user)
{
if (null === ($refreshedUser = $this->repository->findOneByUsername($user->getUsername()))) {
throw new UsernameNotFoundException(sprintf('User with id %s not found', json_encode($user->getId())));
}
return $refreshedUser;
}
/**
*
* @param string $attribute
* @param Club $club
* @param UserInterface $user
* @return boolean
*/
protected function isGranted($attribute, $club, $user = null)
{
switch ($attribute) {
case self::VIEW:
if (!$club->isPrivate()) {
return true;
}
// make sure there is a user object (i.e. that the user is logged in)
if (!$user instanceof UserInterface) {
return false;
}
if (in_array('ROLE_ADMIN', $user->getRoles())) {
return true;
}
break;
case self::EDIT:
// make sure there is a user object (i.e. that the user is logged in)
if (!$user instanceof UserInterface) {
return false;
}
foreach ($club->getAdministrators() as $administrator) {
if ($administrator->getId() == $user->getId()) {
return true;
}
}
if (in_array('ROLE_ADMIN', $user->getRoles())) {
return true;
}
return false;
case self::CREATE:
break;
}
return false;
}
public function isEqualTo(UserInterface $user)
{
if (!$user instanceof LdapUser || $user->getUsername() !== $this->username || $user->getEmail() !== $this->email || count(array_diff($user->getRoles(), $this->roles)) > 0 || $user->getDn() !== $this->dn) {
return false;
}
return true;
}
public function login(UserInterface $user)
{
$user->setLastLogin(new \DateTime());
$this->userManager->updateUser($user);
$this->loginManager->loginUser($this->providerKey, $user);
return $user;
}
public function equals(UserInterface $account)
{
if ($this->getUsername() == $account->getUsername()) {
return true;
}
return false;
}
/**
* {@inheritDoc}
*/
public function connect(UserInterface $user, UserResponseInterface $response)
{
$property = $this->getProperty($response);
$username = $response->getUsername();
//on connect - get the access token and the user ID
$service = $response->getResourceOwner()->getName();
if ($service == "google") {
$service = "gplus";
}
$setter = 'set' . ucfirst($service);
$setter_id = $setter . 'Uid';
$setter_token = $setter . 'Name';
//we "disconnect" previously connected users
if (null !== ($previousUser = $this->userManager->findUserBy(array($property => $username)))) {
$previousUser->{$setter_id}(null);
$previousUser->{$setter_token}(null);
$this->userManager->updateUser($previousUser);
}
//we connect current user
$user->{$setter_id}($username);
$user->{$setter_token}($response->getAccessToken());
//save customfield
$user->setProfilePicture($response->getProfilePicture());
//TODO: Save locale, $user->setLocale($response->getLocale());
$this->userManager->updateUser($user);
}
public function checkPostAuth(UserInterface $user)
{
if (!$user instanceof AdvancedUserInterface) {
return;
}
if (!$user->isAccountNonLocked()) {
$ex = new LockedException('User account is locked.');
$ex->setUser($user);
throw $ex;
}
if (!$user->isEnabled() and $user->getStatus() == User::STATUS_BAD_EMAIL) {
$ex = new DisabledException('BAD_EMAIL');
$ex->setUser($user);
throw $ex;
}
if (!$user->isEnabled()) {
$ex = new DisabledException('DISABLED');
if ($user instanceof User && $user->getConfirmationToken()) {
$ex = new DisabledException('DISABLED:' . Strings::base64EncodeUrl($user->getEmail()));
}
$ex->setUser($user);
throw $ex;
}
if (!$user->isAccountNonExpired()) {
$ex = new AccountExpiredException('User account has expired.');
$ex->setUser($user);
throw $ex;
}
}
public function refreshUser(UserInterface $user)
{
if ($user instanceof User) {
return $this->loadUserByUsername($user->getUsername());
}
throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_class($user)));
}
/**
* Hydrates an user entity with ldap attributes.
*
* @param UserInterface $user user to hydrate
* @param array $entry ldap result
*
* @return UserInterface
*/
protected function hydrate(UserInterface $user, array $entry)
{
$user->setPassword('');
if ($user instanceof AdvancedUserInterface) {
$user->setEnabled(true);
}
foreach ($this->params['attributes'] as $attr) {
if (!array_key_exists($attr['ldap_attr'], $entry)) {
continue;
}
$ldapValue = $entry[$attr['ldap_attr']];
$value = null;
if (!array_key_exists('count', $ldapValue) || $ldapValue['count'] == 1) {
$value = $ldapValue[0];
} else {
$value = array_slice($ldapValue, 1);
}
call_user_func(array($user, $attr['user_method']), $value);
}
if ($user instanceof LdapUserInterface) {
$user->setDn($entry['dn']);
}
if ($user instanceof LdapUserRoleInterface && count($this->params['role'])) {
$this->addRoles($user, $entry);
}
}
public function checkCredentials($credentials, UserInterface $user)
{
if ($user->getPassword() === $this->passwordEncoder->encodePassword($user, $credentials['password'])) {
return true;
}
throw new CustomUserMessageAuthenticationException("Password is incorrect.");
}
public function equals(UserInterface $user)
{
if ($user instanceof MagentoUser) {
return $user->getId() === $user->id;
}
return $user->getUsername() === $this->email;
}
/**
* {@inheritDoc}
*/
public function connect(UserInterface $user, UserResponseInterface $response)
{
$providerName = $response->getResourceOwner()->getName();
$uniqueId = $response->getUsername();
$user->addOAuthAccount($providerName, $uniqueId);
$this->userManager->updateUser($user);
}
/**
* @inheritdoc
*/
public function equals(UserInterface $user)
{
if (!$user instanceof User) {
return false;
}
return $user->getUsername() === $this->username;
}
/**
* Adds a new User to the provider.
*
* @param UserInterface $user A UserInterface instance
*
* @throws \LogicException
*/
public function createUser(UserInterface $user)
{
if (isset($this->users[strtolower($user->getUsername())])) {
throw new \LogicException('Another user with the same username already exists.');
}
$this->users[strtolower($user->getUsername())] = $user;
}
/**
* {@inheritDoc}
*
* @uses connect()
*
* @throws LdapDriverException
*/
public function bind(UserInterface $user, $password)
{
if ($user instanceof LdapUserInterface && $user->getDn()) {
$bind_rdn = $user->getDn();
} elseif (isset($this->params['bindRequiresDn']) && $this->params['bindRequiresDn']) {
if (!isset($this->params['baseDn']) || !isset($this->params['accountFilterFormat'])) {
throw new LdapDriverException('Param baseDn and accountFilterFormat is required if bindRequiresDn is true');
}
$bind_rdn = $this->search($this->params['baseDn'], sprintf($this->params['accountFilterFormat'], $user->getUsername()));
if (1 == $bind_rdn['count']) {
$bind_rdn = $bind_rdn[0]['dn'];
} else {
return false;
}
} else {
$bind_rdn = $user->getUsername();
}
if (null === $this->ldap_res) {
$this->connect();
}
$this->logDebug(sprintf('ldap_bind(%s, ****)', $bind_rdn));
ErrorHandler::start(E_WARNING);
$bind = ldap_bind($this->ldap_res, $bind_rdn, $password);
ErrorHandler::stop();
return $bind;
}
/**
* {@inheritdoc}
*/
public function checkCredentials($credentials, UserInterface $user)
{
if ($user->getPassword() === $credentials['password']) {
return true;
}
throw new CustomUserMessageAuthenticationException($this->failMessage);
}
/**
* {@inheritdoc}
*/
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
$currentUser = $token->getUser();
if ($currentUser instanceof UserInterface) {
if ($currentUser->getPassword() !== $user->getPassword()) {
throw new BadCredentialsException('The credentials were changed from another session.');
}
} else {
if (!($presentedPassword = $token->getCredentials())) {
throw new BadCredentialsException('The presented password cannot be empty.');
}
if ($user instanceof User) {
$encoder = $this->encoderFactory->getEncoder($user);
if (!$encoder->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) {
throw new BadCredentialsException('The presented password is invalid.');
}
} else {
$ldap = new Ldap($this->params['host'], $this->params['port'], $this->params['version']);
$bind = $ldap->bind($user->getUsername(), $presentedPassword);
$this->logger->debug(sprintf('LDAP bind with username "%s" and password "%s" yielded: %s', $user->getUsername(), $presentedPassword, print_r($bind, true)));
if (!$bind) {
throw new BadCredentialsException('The presented password is invalid.');
}
// There's likely more data in the LDAP result now after a successful bind
$this->userProvider->refreshUser($user);
}
}
}
/**
* Refreshes the user for the account interface.
*
* It is up to the implementation to decide if the user data should be
* totally reloaded (e.g. from the database), or if the UserInterface
* object can just be merged into some internal array of users / identity
* map.
*
* @param UserInterface $user
*
* @return UserInterface
*
* @throws UnsupportedUserException if the account is not supported
*/
public function refreshUser(UserInterface $user)
{
try {
return $this->loadUserByUsername($user->getUsername());
} catch (UsernameNotFoundException $ex) {
throw new UnsupportedUserException($ex->getMessage());
}
}
